[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] nm no-dsa

Moritz Muehlenhoff jmm at debian.org
Tue Mar 27 20:40:45 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04168784 by Moritz Muehlenhoff at 2018-03-27T22:40:15+02:00
nm no-dsa
imagemagick no-dsa
jasper unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -3,8 +3,9 @@ CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terra
 CVE-2018-9056 (Systems with microprocessors utilizing speculative execution may allow ...)
 	TODO: check
 CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
-	- jasper <removed>
+	- jasper <removed> (unimportant)
 	NOTE: https://github.com/mdadams/jasper/issues/172
+	NOTE: Negligable impact
 CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
 	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
@@ -83,7 +84,9 @@ CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/794
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
 CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList ...)
-	- imagemagick <unfixed>
+	- imagemagick <unfixed> (low)
+	[stretch] - imagemagick <ignored> (Minor issue)
+	[jessie] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/12f34b60564de1cbec08e23e2413dab5b64daeb7
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb04ccb34fd45e9c3020786857fb79b09f44d7db
@@ -234,7 +237,9 @@ CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c 
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/130
 CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 ...)
-	- imagemagick 8:6.9.9.39+dfsg-1
+	- imagemagick 8:6.9.9.39+dfsg-1 (low)
+	[stretch] - imagemagick <ignored> (Minor issue)
+	[jessie] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/23f6beef78cfe806cabc090a015e73557d60788e
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7c0b29f621ebcce1a35c0e6c1992c9043b3bb1bd
@@ -591,6 +596,8 @@ CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function 
 	- linux <unfixed>
 CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...)
 	- network-manager <unfixed>
+	[stretch] - network-manager <no-dsa> (Minor issue)
+	[jessie] - network-manager <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746422
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553634
@@ -637,7 +644,9 @@ CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the ...)
 CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the ...)
 	NOT-FOR-US: Yxcms
 CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote ...)
-	- imagemagick 8:6.9.9.39+dfsg-1
+	- imagemagick 8:6.9.9.39+dfsg-1 (low)
+	[stretch] - imagemagick <ignored> (Minor issue)
+	[jessie] - imagemagick <ignored> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
 	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6355db269e03f879c516cf9d592c72e157bc75d6
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/041687847aed2515ffcb187b696125f6f83b6b6c

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/041687847aed2515ffcb187b696125f6f83b6b6c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180327/8084d5c1/attachment.html>

More information about the Secure-testing-commits mailing list